﻿<%@ CODEPAGE=65001%>
<%
'---------------------------------------------------------------------
'通用设置模块
'
'主要功能：设置系统参数，完成用户数据加载、Blog信息加载和访问权限校验
'
'因本文件已经包含数据库访问模块、缓存模块、类定义模块以及其它工具模块，
'其它asp文件只需include本文件即可。包含本文件的asp文件末尾还需包含end.inc文件以完成清理工作。
'
'author: evan zhao
'---------------------------------------------------------------------

  option explicit
  
  const DEFAULT_CODE_PAGE = 65001
  const DEFAULT_CHARSET = "UTF-8"

  Server.ScriptTimeOut = 300
    
  'Session.CodePage=DEFAULT_CODE_PAGE
  Response.CodePage=DEFAULT_CODE_PAGE
  response.charset=DEFAULT_CHARSET
  response.buffer = true  
  response.contentType="text/html"
  'response.AddHeader "Last-Modified", DateToGMT(Now())
  'response.Expires = 0
  'response.CacheControl = "no-cache"
  
  if MISSLOG_CLOSED then
    response.write "系统维护中，请稍后访问。"
    response.end
    return
  end if
  
  '系统参数设置已经移至config.asp，请到config.asp中修改
  
  dim starTime,curTime,debugTime,endTime,lastTime 'lastTime上次访问时间
  startime=timer()
  curtime=timer()
  

  
%>
<!--#INCLUDE file="adovbs.asp"-->
<!--#INCLUDE file="../CONFIG.asp"-->
<!--#include file="utils/md5.asp"-->
<!--#include file="utils/tools.asp"-->
<!--#include file="utils/cache.asp" -->
<!--#include file="rssreader/rss_reader.asp" -->
<!--#include file="conn.asp" -->
<!--#include file="models/MLHost.asp" -->
<!--#include file="models/Blog.asp" -->
<!--#include file="models/BlogCat.asp" -->
<!--#include file="models/BlogItem.asp" -->
<!--#include file="models/BlogComment.asp" -->
<!--#include file="models/BlogTrack.asp" -->
<!--#include file="models/User.asp" -->
<!--#include file="models/UserRight.asp" -->
<!--#include file="models/LinkGroup.asp" -->
<!--#include file="models/Link.asp" -->
<%
  'response.write " include cost: " & (timer() - curtime ) &"<br>"
  'curtime = timer()	

  dim cssFile, editCssFile
  cssFile = "styles.css"
  editCssFile = "stylesedit.css"

  dim userObj, blogObj, blogCatObj, userRightObj 

  call checkRefresh()
  call loadUserConfig()  
  call loadBlogConfig()
  call loadBlogCatConfig()  
  call checkRight()

  sub checkRefresh()
    '控制不能刷新过快，GET方式1秒，POST方式5秒
    dim minInterval,last_url, full_url,query_string
    
    last_url = Session(GLOBAL_CACHE_PREFIX & "_URL")
    full_url = Request.ServerVariables("URL") 
    query_string =  Request.ServerVariables("QUERY_STRING") 
    if query_string<>"" then
        full_url = full_url & "?" & query_string
    end if   
    Session(GLOBAL_CACHE_PREFIX & "_URL") = full_url
    
    if UCASE(Request.ServerVariables("REQUEST_METHOD")) = "GET" then
        minInterval = 1
        lastTime = Session(GLOBAL_CACHE_PREFIX & "_LAST_GET_TIME")
        Session(GLOBAL_CACHE_PREFIX & "_LAST_GET_TIME") = timer()
    else
        minInterval = 5
        lastTime = Session(GLOBAL_CACHE_PREFIX & "_LAST_POST_TIME")
        Session(GLOBAL_CACHE_PREFIX & "_LAST_POST_TIME") = timer()
    end if
    if last_url=full_url and not isEmpty(lastTime) and (timer()-lastTime)<minInterval then
        message("请不要刷新过快" & (timer()-lastTime) & "<" & minInterval)
    end if    
  end sub
  
  '由于使用session记录上次访问时间用于防止刷新过快,正常使用Server.transfer前需重置上次访问时间
  sub transfer(url)
    Session(GLOBAL_CACHE_PREFIX & "_LAST_GET_TIME") = Empty
    Session(GLOBAL_CACHE_PREFIX & "_LAST_POST_TIME") = Empty
    call closeDB()
    call Server.Transfer(url)
  end sub
  
  sub redirect(url)
    Session(GLOBAL_CACHE_PREFIX & "_LAST_GET_TIME") = Empty
    call closeDB()
    call Response.Redirect(url)
  end sub
    
  sub loadBlogConfig()
    dim blog_id
    blog_id = trim(request("blog_id"))
    if blog_id="" then
        blog_id = trim(session(GLOBAL_CACHE_PREFIX & "blog_id"))
    end if
    if not IsEmpty(blog_id) and blog_id<>"" then
        blog_id = clng(blog_id)
        set blogObj = new BlogClass
        if blogObj.load(blog_id)=false then
            call closeDB()
            response.write("该Blog不存在")
            response.end
        end if
    else    
      dim user, blogOwner
      user = trim(request("user"))
      if (user<>"") then
        set blogOwner = new UserClass
        if blogOwner.load(user)=true then
            if not isEmpty(blogOwner.blog) then
              if not isEmpty(blogOwner.blog.blogId) then
                set blogObj = blogOwner.blog
              end if
            end if
        end if    

        set blogOwner = nothing
      end if  
    end if

    dim defaultBlog
    set defaultBlog = new BlogClass
    defaultBlog.load(defaultBlogID)

    if isEmpty(blogObj) then
		blog_id = defaultBlogID
		set blogObj = defaultBlog
    end if
	session(GLOBAL_CACHE_PREFIX & "blog_id") = blogObj.blogId

    if isEmpty(hostTitle) then
        hostTitle = defaultBlog.blogTitle
    end if

    if isEmpty(hostDescription) then
        hostDescription = defaultBlog.blogDesc
    end if
  end sub

  sub loadBlogCatConfig()
      dim cat_id
      cat_id = trim(request("cat_id"))
      set blogCatObj = new BlogCatClass
      call blogCatObj.load(blogObj.blogId, cat_id)
  end sub  
  
  sub checkRight
    set userRightObj = new UserRightClass
    call userRightObj.load(userObj.userId, blogObj.blogId, blogCatObj.catId)
    if userObj.isAdmin then
          userRightObj.canRead=true
          userRightObj.canReply=true
          userRightObj.canPost=true
          userRightObj.canDelete=true
          userRightObj.canReadSecret=true
          userRightObj.canManage=true
    end if
    
    if userRightObj.canRead<>true and Request.ServerVariables("URL")<>MISSLOG_ROOT & "/login.asp" then
        message("您没有访问权限，请点击<a href='javascript:history.back()'>后退</a>或重新<a href='" & MISSLOG_ROOT & "/login.asp'>登录</a>")
        response.end
    end if
    

  end sub

  function loadUserConfig()
     dim isLogin ' 是否是从页面登录

     '设置语言选项
     if not isEmpty(request("lang")) then
        Session(GLOBAL_CACHE_PREFIX & "lang") = request("lang")
     end if
     
     if isEmpty(Session(GLOBAL_CACHE_PREFIX & "lang")) and not isEmpty(Request.ServerVariables("HTTP_ACCEPT_LANGUAGE")) and lcase(Request.ServerVariables("HTTP_ACCEPT_LANGUAGE"))<>lcase(DEFAULT_LOCALE) then
     	Session(GLOBAL_CACHE_PREFIX & "lang") = Request.ServerVariables("HTTP_ACCEPT_LANGUAGE")
     end if
     ' get login info
  
     dim userName, password, autoLogin, email, webUrl
     
     userName = filterHTML(request.Form("username")) ' get username from request
     if isEmpty(userName) or userName="" then
        userName = filterHTML(request.QueryString("username")) ' get username from request
     end if 
     
     if isEmpty(userName) or userName="" then
       userName = Session(GLOBAL_CACHE_PREFIX & "userName") ' get username from session
     else
        isLogin = true   
     end if
     if isEmpty(userName) or userName="" then
        userName = filterHTML(urlDecode(Request.Cookies("misslog")("userName"))) ' get username from cookie
     end if
     
     password = filterHTML(request.Form("password")) ' get password from request
     if isEmpty(password) or password="" then
        password = filterHTML(request.QueryString("password")) ' get password from request
     end if
     
     if isEmpty(password) or password="" then
        password = Session(GLOBAL_CACHE_PREFIX & "password") ' get password from session
     else
        password = md5(password)
        isLogin = true
     end if
     if isEmpty(password) or password="" then
        password = filterHTML(Request.Cookies("misslog")("password")) ' get password from cookie
     end if

     autoLogin = filterHTML(request("autoLogin")) ' get autoLogin from request
     if isEmpty(autoLogin) or autoLogin="" then
         autoLogin = filterHTML(Request.Cookies("misslog")("autoLogin")) ' get autoLogin from cookies
     end if
         
     if autoLogin="true" then
        autoLogin = true
     else
        autoLogin = false
     end if
     
     email = filterHTML(request("email")) ' get email from request
     if isEmpty(email) or email="" then
         email = filterHTML(Request.Cookies("misslog")("email")) ' get email from cookies
     end if

     webUrl = filterHTML(request("web_url")) ' get web_url from request
     if isEmpty(webUrl) or webUrl="" then
         webUrl = filterHTML(Request.Cookies("misslog")("webUrl")) ' get webUrl from cookies
     end if


     ' login start
     
     set userObj = new UserClass
     userObj.userName = userName
     userObj.email = email
     userObj.webUrl = webUrl
     
     if isEmpty(userName) or userName ="" then
         exit function
     end if
     
     Session(GLOBAL_CACHE_PREFIX & "userName") = userName
 
     dim info, loginSuccess
     loginSuccess = false
             
     if not isEmpty(password) and password<>""  then
         if userObj.load(userName)=false then
             info = "用户名不存在"
         else
             if SUPPORT_MD5_16BITS and len(userObj.password)=16 and len(password)=32 then
                 password=mid(password,9,16)
             end if
             
             if ucase(password) <> ucase(userObj.password) then
                 info = "密码错误" 
                 set userObj = nothing
                 set userObj = new UserClass
                 userObj.userName = userName
                 userObj.email = email
                 userObj.webUrl = webUrl
                 
                 Session(GLOBAL_CACHE_PREFIX & "password") = Empty
             else    
                 Session(GLOBAL_CACHE_PREFIX & "password")=userObj.password
                 loginSuccess = true
                     
                 if userObj.isAdmin then
                     info = "登录成功"
                     if ucase(userObj.password)="7A57A5A743894A0E" or ucase(userObj.password)="21232F297A57A5A743894A0E4A801FC3" then 
                         info = info &"，<a href='userinfo.asp'>请立刻修改admin用户的密码</a>"
                     else
                         info = info &"，进入<a href='system/index.asp'>系统管理</a>"
                     end if    
                 end if    
             end if
         end if
     end if
      
     '将用户信息保存在Cookies中
     Response.Cookies("misslog").Expires=Date+30
     Response.Cookies("misslog")("userName") = urlEncode(userObj.userName)
     Response.Cookies("misslog")("email") = "" & userObj.email
     Response.Cookies("misslog")("webUrl") = "" & userObj.webUrl
     '如果允许自动登录则记录用户密码
     '为了安全系统管理员密码不缓存在Cookie中
     if autoLogin and loginSuccess and not userObj.isAdmin then 
         Response.Cookies("misslog")("password") = userObj.password '加密后的密码
         Response.Cookies("misslog")("autoLogin") = "true"
     else    
         Response.Cookies("misslog")("password") = Empty
         Response.Cookies("misslog")("autoLogin") = Empty
     end if
 
     if isLogin and not isEmpty(info) then '显示提示信息
         call closeDB()
         message(info)
         response.end
     end if    
     
    Session(GLOBAL_CACHE_PREFIX & "") = timer
    
     
  end function
  

  rem 退出登录,清空session和cookie里的用户信息
  sub logout()
    Session(GLOBAL_CACHE_PREFIX & "userName") = Empty
    Session(GLOBAL_CACHE_PREFIX & "password") = Empty
    
    Response.Cookies("misslog")("password") = Empty
    Response.Cookies("misslog")("autoLogin") = Empty
    
    Response.Cookies("misslog").Expires=Now()
    Response.Cookies("misslog")("userName") = Empty
    Response.Cookies("misslog")("email") = Empty
    Response.Cookies("misslog")("webUrl") = Empty
    
    set userObj = nothing
    userObj = Empty
  end sub    



%>